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REMARKS 

Reconsideration and further examination are respectfully requested. 
Objections to the claims 

Claims 7 and 8 were objected to for depending from claim 5, rather than claim 6. 
Applicant has amended the claims to correct their dependence relationship and it is requested that 
the objection be withdrawn. The Examiner is thanked for the careful review of the claims. 

Rejections under 35 U.S.C. § 102(e) 

Claims 1-3, 6-7, 9-10 and 13-15 were rejected under 35 U.S.C. §102(e) as anticipated by 
Hoke, U.S. Patent 6,701,437. 
Hoke: 

Hoke describes, at col. 3, lines 29-20: 

"... a virtual private network (VPN) unit for selectively processing secure 
communications for members of a virtual private network. One embodiment of the present 
invention is used in a VPN operating over a public data network connected to an organization's 
private network (e.g., a LAN or WAN). The organization's private network includes one or more 
endstations that are members of the VPN. In this first embodiment, a VPN unit serving the VPN 
member endstations contains a processor, storage memories, and a communication port. A 
method of configuring the VPN unit is also provided, whereby VPN communications (e.g., 
communications requiring secure transmission between members of a VPN) are processed by the 
VPN unit but other communications bypass it. . ." 

A VPN unit of Hoke, as described at column 4 lines 45-48, receives configuration 
parameters that are used to configure the VPN unit to appropriately handle communications 
between members of VPNs. As described at column 8, lines 37-43: 

"...VPN units maintain lookup tables for identifying members of specific virtual private 
networks and groups within a particular virtual private network. When VPN traffic is sent 
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between source and destination endstations that are both members of the same VPN, the VPN 
unit serving the source endstation processes the data packet, encrypts it, compresses it (if 
necessary), and adds authentication information as needed. . ." 

Thus, the VPN unit maintains lookup tables that identify both endstations to figure out 
the appropriate transformation to apply to the packet. Such a structure is described at page 4 of 
Applicant's specification. One drawback of such a structure is the difficulty of scalability, since 
the VPN unit must maintain security association information for each source/destination pair. 

In contrast, the claimed invention discloses the use of a VPN identifier (as opposed to a 
source/destination pair). The VPN-ID is used to determine a transform to apply to the packet, 
while routing can be done using the destination address. 

The Examiner states that Hoke teaches such a limitation at column 7, lines 46-53. 

However, column 7, lines 46-53 of Hoke merely recites: 

"...To enable this selective mode of operation, VPN traffic sent or received by 
endstations within headquarters LAN 110 conform to a "tunnel" format. In this tunnel format, 
data packets generated by an endstation in LAN 110 are received by VPN unit 115 where they 
are encrypted and encapsulated within VPN packets addressed to the VPN unit serving the 
destination endstation. Conversely, when VPN unit 115 receives a VPN packet from public 
network 100, it strips off the destination address (which corresponds to VPN unit 115), decrypts 
the remainder, and forwards the packet to LAN 1 10 for delivery to the appropriate station. . . ." 

The portion of text cited by the Examiner merely shows that the LAN forwards a packet 
to the VPN. Applicant's can only assume that the Examiner, therefore, is broadly reading the 
combination of the source and destination LAN address as the 'group identifier' limitation of the 
claim. However, Applicant's would like to respectfully point out that the claim recites the use of 
a group identifier as well as a destination address; thus it is clear that the group identifier of the 
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claims is differentiated from a destination address, and is therefore not analogous to the 

combination of the source and destination address combination of Hoke. 

Accordingly, for at least the reason that Hoke fails to describe or suggest 'a group 
identifier corresponding to the group of stations and a destination address for the packet...' as 
recited in claim 1, it is requested that the rejection be withdrawn. Dependent claims 2-5 serve to 
further limit claim 1 and are therefore allowable with claim 1. 

Claim 6, as amended, now recites the steps of ". . .receiving a packet at the egress of the 
backbone, the packet including an identifier of the group of stations and a destination for the 
packet . . . restoring the packet responsive to the group security association data associated with 
the identifier of the group of stations; and forwarding the packet to the destination. 

Accordingly, claim 6 includes limitations similar to those of claim 1 , in particular the use 
of a packet that includes an identifier of a group of stations in addition to a destination address. 
For at least the reason that Hoke fails to teach or suggest every limitation of claim 6 it is 
therefore requested that the rejection be withdrawn. Dependent claims 7-8 serve to further limit 
claim 6 and are therefore allowable with claim 6. 

Claim 9, as amended, now recites the steps of ". . .forwarding, by the source station, a 
packet to the destination station, the packet including the destination identifier and the private 
group identifier, the step of forwarding including transforming the packet using the group 
security association. 

Accordingly, claim 9 includes limitations similar to those of claim 1, in particular the use 
of a packet that includes an identifier of a group of stations in addition to a destination address. 
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For at least the reason that Hoke fails to teach or suggest every limitation of claim 9 it is 
therefore requested that the rejection be withdrawn. 

Claim 10, as amended, now recites "... means for forwarding the communication 
between members of the group over the network using a group address associated with the group, 
the group address including a group identifier and a group destination address. . ." As described 
above with regard to claim 1, no such structure is shown or suggested by Hoke, and it is therefore 
requested that the rejection be withdrawn. Dependent claims 11-16 serve to further limit claim 
10 are therefore allowable with claim 10. 

Rejections under 35 U.S.C. $103 

Claims 4-5, 8, 12 and 15 were rejected under 35 U.S.C. §103 as unpatentable over Hoke 
in view of Mukherjee, U.S. Patent Application No. 2004/0006708. 

Mukherjee: 

Mukherjee describes, in the Abstract: 

"A method for providing peer-to-peer virtual private network (P2P-VPN) services over a 
network. The method includes identifying subnet and host addresses for each user device 
requesting participation in a virtual private network (VPN) session. Once the subnet and host 
addresses are identified, a virtual private host (VPH) is initiated for each user device, where each 
VPH communicates with each user device via a respective tunnel through the network, thereby 
enabling secure communications between the user devices. . ." 

Thus, Mukherjee describes a peer-to-peer VPN, where end-user devices directly 
communicate. Such a teaching would appear to be in direct contrast the with teachings of Hoke, 
which directs all VPN communications between VPN units that maintain lookup tables for the 
individual end-users. 
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With regard to the combination of Hoke and Mukherjee, the Examiner states, at page 4 of 
the office action: 

"... it would have been obvious. . . because it allows the advantage of having peer to peer 
virtual private networking for consumers who are not affiliated with an enterprise thus allowing 
multiparty conferences and bridges. . ." 

Applicants respectfully submit that Hoke would *not* have been motivated as the 
Examiner suggests, for the reason that such a modification would cause the lookup tables of 
Hoke to become unmanageable. Absent the solution of the present invention, such a 
combination would serve to frustrate Hoke to the point of inoperability. 

However, even if one would be motivated to modify Hoke as suggested by the Examiner, 
Applicant's respesctfully submit that the combination of Hoke and Mukherjee still fails to teach 
or suggest the limitations of the parent claim. Thus claims 4, 5, 8, 12 and 15 are patentable for at 
least the reason that they serve to further limit an allowable parent claim. 
Conclusion: 

Applicants have made a diligent effort to place the claims in condition for allowance. 
However, should there remain unresolved issues that require adverse action, it is respectfully 
requested that the Examiner telephone Applicants' Attorney at the number listed below so that 
such issues may be resolved as expeditiously as possible. 
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For these reasons, and in view of the above amendments, this application is now 
considered to be in condition for allowance and such action is earnestly solicited. 

Respectfully Submitted, 
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